feat: switch to airvpn #4912

Merged
alexlebens merged 1 commits from tmp/airvpn into main 2026-03-20 04:08:33 +00:00
10 changed files with 175 additions and 130 deletions


@@ -60,20 +60,27 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: proton-email - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: email property: preshared-key
- secretKey: proton-password - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: password property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports


@@ -50,72 +50,72 @@ music-grabber:
requests: requests:
cpu: 10m cpu: 10m
memory: 512Mi memory: 512Mi
gluetun: # gluetun:
image: # image:
repository: ghcr.io/qdm12/gluetun # repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab # tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
lifecycle: # lifecycle:
postStart: # postStart:
exec: # exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] # command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: # env:
- name: VPN_SERVICE_PROVIDER # - name: VPN_SERVICE_PROVIDER
value: protonvpn # value: airvpn
- name: VPN_TYPE # - name: VPN_TYPE
value: wireguard # value: wireguard
- name: WIREGUARD_PRIVATE_KEY # - name: WIREGUARD_PRIVATE_KEY
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: music-grabber-wireguard-conf # name: music-grabber-wireguard-conf
key: private-key # key: private-key
- name: UPDATER_PROTONVPN_EMAIL # - name: WIREGUARD_PRESHARED_KEY
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: music-grabber-wireguard-conf # name: music-grabber-wireguard-conf
key: proton-email # key: preshared-key
- name: UPDATER_PROTONVPN_PASSWORD # - name: WIREGUARD_ADDRESSES
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: music-grabber-wireguard-conf # name: music-grabber-wireguard-conf
key: proton-password # key: addresses
- name: FIREWALL_OUTBOUND_SUBNETS # - name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8 # value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS # - name: FIREWALL_INPUT_PORTS
value: 8080 # value: 8080
- name: DNS_UPSTREAM_RESOLVER_TYPE # - name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot # value: dot
- name: HTTPPROXY # - name: HTTPPROXY
value: "off" # value: "off"
- name: SHADOWSOCKS # - name: SHADOWSOCKS
value: "off" # value: "off"
securityContext: # securityContext:
privileged: True # privileged: True
capabilities: # capabilities:
add: # add:
- NET_ADMIN # - NET_ADMIN
- SYS_MODULE # - SYS_MODULE
probes: # probes:
liveness: # liveness:
enabled: true # enabled: true
custom: true # custom: true
spec: # spec:
exec: # exec:
command: # command:
- /gluetun-entrypoint # - /gluetun-entrypoint
- healthcheck # - healthcheck
failureThreshold: 5 # failureThreshold: 5
initialDelaySeconds: 30 # initialDelaySeconds: 30
periodSeconds: 30 # periodSeconds: 30
successThreshold: 1 # successThreshold: 1
timeoutSeconds: 15 # timeoutSeconds: 15
resources: # resources:
limits: # limits:
devic.es/tun: "1" # devic.es/tun: "1"
requests: # requests:
devic.es/tun: "1" # devic.es/tun: "1"
cpu: 10m # cpu: 10m
memory: 128Mi # memory: 128Mi
service: service:
main: main:
controller: main controller: main
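Review bot: With the whole `gluetun:` container commented out on the new side, music-grabber loses the sidecar that tunnelled and firewalled its egress, so its traffic presumably now leaves over the normal cluster network. If that is intended, a comment above the block such as `# gluetun disabled: <reason>; traffic is NOT tunnelled` would make the state explicit, and the `music-grabber-wireguard-conf` secret (WireGuard private and preshared key) need not be synced while nothing consumes it. The commented block also keeps `privileged: True` next to `NET_ADMIN`/`SYS_MODULE`; when it is re-enabled, check whether the capabilities plus the `devic.es/tun` resource are enough without `privileged`.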


@@ -16,23 +16,30 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: proton-email - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: email property: preshared-key
- secretKey: proton-password - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: password property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1


@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: env:
- name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
value: protonvpn value: airvpn
- name: VPN_TYPE - name: VPN_TYPE
value: wireguard value: wireguard
- name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
@@ -64,20 +64,23 @@ qbittorrent:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: private-key key: private-key
- name: UPDATER_PROTONVPN_EMAIL - name: WIREGUARD_PRESHARED_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: proton-email key: preshared-key
- name: UPDATER_PROTONVPN_PASSWORD - name: WIREGUARD_ADDRESSES
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: proton-password key: addresses
- name: VPN_PORT_FORWARDING - name: VPN_PORT_FORWARDING
value: "on" value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND - name: FIREWALL_VPN_INPUT_PORTS
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"' valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
- name: PORT_FORWARD_ONLY - name: PORT_FORWARD_ONLY
value: "on" value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
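Review bot: `VPN_PORT_FORWARDING: "on"` and `PORT_FORWARD_ONLY: "on"` stay in place in the second hunk after the provider changes to `airvpn`; the slskd section has the same pair. As far as I know gluetun implements dynamic port forwarding only for a few providers and AirVPN is not one of them (its forwarded ports are static and opened through `FIREWALL_VPN_INPUT_PORTS`, which this commit adds), so these settings are likely to be rejected at startup or ignored; verify against the gluetun version in use and drop them if so. With `VPN_PORT_FORWARDING_UP_COMMAND` removed, nothing updates qBittorrent's listening port any more, so it has to be pinned to the value stored under `input-ports`. The env list continues outside the hunk.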


@@ -62,20 +62,27 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: proton-email - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: email property: preshared-key
- secretKey: proton-password - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: password property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports


@@ -54,30 +54,37 @@ slskd:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: env:
- name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
value: protonvpn value: airvpn
- name: VPN_TYPE - name: VPN_TYPE
value: wireguard value: wireguard
- name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: slskd-wireguard-conf name: qbittorrent-wireguard-conf
key: private-key key: private-key
- name: UPDATER_PROTONVPN_EMAIL - name: WIREGUARD_PRESHARED_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: slskd-wireguard-conf name: qbittorrent-wireguard-conf
key: proton-email key: preshared-key
- name: UPDATER_PROTONVPN_PASSWORD - name: WIREGUARD_ADDRESSES
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: slskd-wireguard-conf name: qbittorrent-wireguard-conf
key: proton-password key: addresses
- name: VPN_PORT_FORWARDING - name: VPN_PORT_FORWARDING
value: "on" value: "on"
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
- name: PORT_FORWARD_ONLY - name: PORT_FORWARD_ONLY
value: "on" value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16 value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
value: 5030,50300 value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE - name: DNS_UPSTREAM_RESOLVER_TYPE
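Review bot: All four `secretKeyRef.name` values in the slskd gluetun env now point at `qbittorrent-wireguard-conf` instead of `slskd-wireguard-conf`, which looks like a copy-paste from the qbittorrent values. A Secret reference resolves only in the pod's own namespace, so unless slskd is deployed in the same namespace as qbittorrent the container will fail to start, and if it does resolve, slskd depends on another application's WireGuard key material. Suggest `name: slskd-wireguard-conf` on each of the four references. The hunk also adds a second `FIREWALL_OUTBOUND_SUBNETS` entry with the same value as the one above it; remove the duplicate, since repeated env names are at best last-wins.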


@@ -83,20 +83,27 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: proton-email - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: email property: preshared-key
- secretKey: proton-password - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: password property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports


@@ -53,7 +53,7 @@ tubearchivist:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: env:
- name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
value: protonvpn value: airvpn
- name: VPN_TYPE - name: VPN_TYPE
value: wireguard value: wireguard
- name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
@@ -61,16 +61,16 @@ tubearchivist:
secretKeyRef: secretKeyRef:
name: tubearchivist-wireguard-conf name: tubearchivist-wireguard-conf
key: private-key key: private-key
- name: UPDATER_PROTONVPN_EMAIL - name: WIREGUARD_PRESHARED_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: tubearchivist-wireguard-conf name: tubearchivist-wireguard-conf
key: proton-email key: preshared-key
- name: UPDATER_PROTONVPN_PASSWORD - name: WIREGUARD_ADDRESSES
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: tubearchivist-wireguard-conf name: tubearchivist-wireguard-conf
key: proton-password key: addresses
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8 value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS


@@ -16,20 +16,27 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: proton-email - secretKey: preshared-key
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: email property: preshared-key
- secretKey: proton-password - secretKey: addresses
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /protonvpn/conf/cl01tl key: /airvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: password property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports


@@ -40,11 +40,7 @@ yubal:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] # command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env: # env:
# - name: VPN_SERVICE_PROVIDER # - name: VPN_SERVICE_PROVIDER
# value: protonvpn # value: airvpn
# - name: PUID
# value: "1000"
# - name: PGID
# value: "1000"
# - name: VPN_TYPE # - name: VPN_TYPE
# value: wireguard # value: wireguard
# - name: WIREGUARD_PRIVATE_KEY # - name: WIREGUARD_PRIVATE_KEY
@@ -52,22 +48,26 @@ yubal:
# secretKeyRef: # secretKeyRef:
# name: yubal-wireguard-conf # name: yubal-wireguard-conf
# key: private-key # key: private-key
# - name: UPDATER_PROTONVPN_EMAIL # - name: WIREGUARD_PRESHARED_KEY
# valueFrom: # valueFrom:
# secretKeyRef: # secretKeyRef:
# name: yubal-wireguard-conf # name: yubal-wireguard-conf
# key: proton-email # key: preshared-key
# - name: UPDATER_PROTONVPN_PASSWORD # - name: WIREGUARD_ADDRESSES
# valueFrom: # valueFrom:
# secretKeyRef: # secretKeyRef:
# name: yubal-wireguard-conf # name: yubal-wireguard-conf
# key: proton-password # key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS # - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8 # value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS # - name: FIREWALL_INPUT_PORTS
# value: 8000 # value: 8000
# - name: DNS_UPSTREAM_RESOLVER_TYPE # - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot # value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext: # securityContext:
# privileged: True # privileged: True
# capabilities: # capabilities: